Enhance tests for deleting a role not assigned

There wasn't a test that showed what happens when a role is deleted that was never assigned. Change-Id: I2845e3f03dc8e8f1dd41d8f41d2f6669004bc506 Related-bug: #1242855
openstack · Oct 21, 2013 · b17e7be · b17e7be
1 parent 2df1b7c
commit b17e7be
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/keystone/tests/test_backend.py b/keystone/tests/test_backend.py
@@ -61,6 +61,15 @@ def test_project_add_and_remove_user_role(self):
             self.tenant_bar['id'])
         self.assertNotIn(self.user_two['id'], user_ids)
 
+    def test_remove_user_role_not_assigned(self):
+        # Expect failure if attempt to remove a role that was never assigned to
+        # the user.
+        self.assertRaises(exception.RoleNotFound,
+                          self.identity_api.remove_role_from_user_and_project,
+                          tenant_id=self.tenant_bar['id'],
+                          user_id=self.user_two['id'],
+                          role_id=self.role_other['id'])
+
     def test_authenticate_bad_user(self):
         self.assertRaises(AssertionError,
                           self.identity_api.authenticate,

diff --git a/keystone/tests/test_backend_ldap.py b/keystone/tests/test_backend_ldap.py
@@ -870,6 +870,14 @@ def test_list_projects_for_alternate_domain(self):
         self.skipTest(
             'N/A: LDAP does not support multiple domains')
 
+    def test_remove_user_role_not_assigned(self):
+        # This raises exception as expected with SQL assignment backend but
+        # not with LDAP (see bug #1242855)
+        self.identity_api.remove_role_from_user_and_project(
+            tenant_id=self.tenant_bar['id'],
+            user_id=self.user_two['id'],
+            role_id=self.role_other['id'])
+
 
 class LDAPIdentityEnabledEmulation(LDAPIdentity):
     def setUp(self):